Microsoft has release, the 9 April 2013, during his April Patch Tuesday, one updated security advisory and nine security bulletins. On the nine security bulletins two of them have a Critical security rating.
Microsoft Security Advisory 2755801
MSA-2755801,released during September 2012, has been updated. The security advisory is regarding updates for vulnerabilities in Adobe Flash Player in Internet Explorer 10. KB2833510 has been released for supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-11.
MS13-028 – Cumulative Security Update for Internet Explorer
MS13-028 security update, classified as Critical, allowing remote code execution, is the fix for 2 privately reported vulnerabilities in Internet Explorer. CVE-2013-1303 (6.8 CVSS base score) and CVE-2013-1304 (6.8 CVSS base score) were discovered and privately reported by Ivan Fratric and Ben Hawkes of Google Security Team.
MS13-029 – Vulnerability in Remote Desktop Client Could Allow Remote Code Execution
MS13-029 security update, classified as Critical, allowing remote code execution, is the fix for 1 privately reported vulnerability in Windows Remote Desktop Client. CVE-2013-1296 (9.3 CVSS base score) was discovered and privately reported by c1d2d9acc746ae45eeb477b97fa74688, working with HP’s Zero Day Initiative.
MS13-030 – Vulnerability in SharePoint Could Allow Information Disclosure
MS13-030 security update, classified as Important, allowing information disclosure, is the fix for 1 publicly reported vulnerability in Microsoft SharePoint Server. CVE-2013-1290 (3.5 CVSS base score) was publicly disclosed.
MS13-031 – Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
MS13-031 security update, classified as Important, allowing elevation of privileges, is the fix for 2 privately reported vulnerabilities in Microsoft Windows. CVE-2013-1284 (4.9 CVSS base score) and CVE-2013-1294 (4.9 CVSS base score) were discovered and privately reported by Gynvael Coldwind and Mateusz “j00ru” Jurczyk of Google Inc.
MS13-032 – Vulnerability in Active Directory Could Lead to Denial of Service
MS13-032 security update, classified as Important, allowing denial of service, is the fix for 1 privately reported vulnerability in Active Directory. CVE-2013-1282 (unknown CVSS base score) was discovered and privately reported.
MS13-033 – Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege
MS13-033 security update, classified as Important, allowing elevation of privileges, is the fix for 1 privately reported vulnerability. CVE-2013-1295 (5.0 CVSS base score) was discovered and privately reported by George Georgiev Valkov.
MS13-034 – Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege
MS13-034 security update, classified as Important, allowing elevation of privileges, is the fix for 1 privately reported vulnerability in the Microsoft Antimalware Client. CVE-2013-0078 (7.2 CVSS base score) was discovered and privately reported.
MS13-035 – Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege
MS13-035 security update, classified as Important, allowing elevation of privileges, is the fix for 1 privately reported vulnerability in the Microsoft Office. CVE-2013-1289 (4.3 CVSS base score) was discovered and privately reported by Drew Hintz of Google Security Team.
MS13-036 – Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege
MS13-036 security update, classified as Important, allowing elevation of privileges, is the fix for three privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft Windows. CVE-2013-1283 (6.9 CVSS base score) and CVE-2013-1292 (6.9 CVSS base score) were discovered and privately reported by Gynvael Coldwind and Mateusz “j00ru” Jurczyk of Google Inc. CVE-2013-1293 (6.9 CVSS base score) was publicly disclosed by Gynvael Coldwind and Mateusz “j00ru” Jurczyk of Google Inc. CVE-2013-1291 (7.1 CVSS base score) was discovered and privately reported by Wang Yu.
RT @BackTrackAcadem: Microsoft ha comunicado, el 9 de abril de 2013, durante su Martes Abril Patch , un aviso de seguridad… http://t. …
“@BackTrackAcadem: Microsoft ha comunicado, el 9 /4/2013, durante su Martes Abril Patch , un aviso de seguridad… http://t.co/g4kQlLDGGD“
RT @BackTrackAcadem: Microsoft ha comunicado, el 9 de abril de 2013, durante su Martes Abril Patch , un aviso de seguridad… http://t. …
Microsoft ha comunicado, el 9 de abril de 2013, durante su Martes Abril Patch , un aviso de seguridad… http://t.co/cug6nk7zSN
RT @bartblaze: Microsoft April 2013 Patch Tuesday Review: http://t.co/qdhToYTnSH
Microsoft April 2013 Patch Tuesday Review: http://t.co/qdhToYTnSH
Microsoft April 2013 Patch Tuesday Review: http://t.co/yUbLOspTqc #infosec